package de.governikus.panstar.sdk.utils.saml;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.DecryptionParameters;
import org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.Decrypter;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleKeyInfoReferenceEncryptedKeyResolver;
import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.ChainingKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.AgreementMethodKeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.ECKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;

/* loaded from: input_file:de/governikus/panstar/sdk/utils/saml/SamlDecrypterUtils.class */
public final class SamlDecrypterUtils {
    private SamlDecrypterUtils() {
    }

    public static Decrypter setupDecrypter(X509Certificate x509Certificate, PrivateKey privateKey) {
        return new Decrypter(getDecryptionParameters(CredentialSupport.getSimpleCredential(x509Certificate, privateKey)));
    }

    public static Decrypter setupDecrypter(Credential credential) {
        return new Decrypter(getDecryptionParameters(credential));
    }

    private static DecryptionParameters getDecryptionParameters(Credential credential) {
        DecryptionParameters decryptionParameters = new DecryptionParameters();
        decryptionParameters.setEncryptedKeyResolver(new ChainingEncryptedKeyResolver(Arrays.asList(new InlineEncryptedKeyResolver(), new EncryptedElementTypeEncryptedKeyResolver(), new SimpleRetrievalMethodEncryptedKeyResolver(), new SimpleKeyInfoReferenceEncryptedKeyResolver())));
        decryptionParameters.setKEKKeyInfoCredentialResolver(new ChainingKeyInfoCredentialResolver(List.of(new LocalKeyInfoCredentialResolver(Arrays.asList(new AgreementMethodKeyInfoProvider(), new RSAKeyValueProvider(), new ECKeyValueProvider(), new InlineX509DataProvider()), new CollectionKeyInfoCredentialResolver(List.of(credential))), new StaticKeyInfoCredentialResolver(credential))));
        return decryptionParameters;
    }
}
